Barracuda Networks VERSION SP4 User Manual

9 Barracuda NG Network Access Client - Administrator’s Guide

on the client system is assumed untrusted and a configured "untrusted access" firewall rule set and
client message applies.

Nevertheless, Barracuda Networks recommends to configure a catch-all rule at the end of the policy
rule set. An explicit catch-all rule allows a better control of the required client health-state and gives
more details to the end user. In addition more details in the server-side visualisation will be available.

Each policy rule consists of three parts:

1. An identity related part that defines the applicable matching policy and criteria.

2. A health policy part is used to determine the health state by comparing the status information sent
by the client with the specified required status. There are only three health states: healthy, probation,
and unhealthy.

3. And finally, there is a third policy attribute part that contains firewall rule sets, messages, pictures,
and network access policies that are assigned to a healthy client.

The matching procedure is graphically shown on the next page.